You are not logged in.

#1 2021-09-29 06:17:42

chowbok
Member
Registered: 2017-11-27
Posts: 18

[SOLVED] Latest sshd not accepting key algorithms

I just upgraded from openssh 8.7p1-1 to openssh 8.8p1-1. When I try to do a key-based login now, it's refusing my connection and logging this:

userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms

This is very odd, since ssh claims it is an accepted algorithm:

> ssh -Q PubkeyAcceptedAlgorithms | grep rsa
ssh-rsa
rsa-sha2-256
rsa-sha2-512
ssh-rsa-cert-v01@openssh.com
rsa-sha2-256-cert-v01@openssh.com
rsa-sha2-512-cert-v01@openssh.com

A Google seach for that error gives me exactly one hit, in Russian.

Anyone have any thoughts?

Last edited by chowbok (2021-09-29 06:46:54)

Offline

#2 2021-09-29 06:37:22

chowbok
Member
Registered: 2017-11-27
Posts: 18

Re: [SOLVED] Latest sshd not accepting key algorithms

Never mind, looks like a problem with PuTTY rather than OpenSSH. Anyone else running into this, you'll have to regenerate your keys with the latest version of PuTTYGen.

Offline

#3 2021-09-29 09:15:59

childerico
Member
From: Italy
Registered: 2015-11-18
Posts: 64

Re: [SOLVED] Latest sshd not accepting key algorithms

Actually, I have the some problem (i.e., key-based authentication not working any more) after the upgrade to openssh 8.8p1-1 and I am not using PuTTY. Downgrading fixes the issue.

EDIT: sorry for my pretty unuseful reply: the issue is likely not due to a bug in openssh: https://dev.to/cloudx/why-openssh-8-8-c … ovided-49i

Last edited by childerico (2021-09-29 09:19:00)

Offline

#4 2021-09-30 03:45:12

vr0
Member
Registered: 2021-09-30
Posts: 1

Re: [SOLVED] Latest sshd not accepting key algorithms

> cat /etc/ssh/sshd_config
...
PubkeyAuthentication yes
PubkeyAcceptedKeyTypes=+ssh-rsa
...

> journalctl -f -u sshd
Sep 30 05:03:10 xxxx systemd[1]: Started OpenSSH Daemon.
Sep 30 05:03:10 xxxx sshd[115707]: Server listening on 0.0.0.0 port 22.
Sep 30 05:03:10 xxxx sshd[115707]: Server listening on :: port 22.
Sep 30 05:03:24 xxxx sshd[115709]: Accepted publickey for xxxx from xx.xx.xx.xx port 55163 ssh2: RSA SHA256:XXXX
Sep 30 05:03:24 xxxx sshd[115709]: pam_unix(sshd:session): session opened for user xxxx(uid=xxxx) by (uid=xxxx)
Sep 30 05:03:24 xxxx sshd[115709]: pam_env(sshd:session): deprecated reading of user environment enabled

That works for me, but I think soon or later we must change our public keys.

> ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "comment"
> ssh-keygen -t rsa-sha2-256 -b 4096 -f ~/.ssh/id_rsa2_256 -C "comment"
> ssh-keygen -t rsa-sha2-512 -b 4096 -f ~/.ssh/id_rsa2_512 -C "comment"

Cheers.

Last edited by vr0 (2021-09-30 03:49:20)

Offline

#5 2021-10-10 18:23:56

robinhood018
Member
Registered: 2021-10-05
Posts: 3

Re: [SOLVED] Latest sshd not accepting key algorithms

Well, the above method didn't work for me too, so I had to downgrade to this version https://archive.archlinux.org/packages/ … kg.tar.zst
You can do all this by > pacman -U /path/to/this/openssh-8.7p1-2-x86_64.pkg.tar.zst

This is a suggested option for anyone else for whom the other options didn't work.

Offline

#6 2021-10-12 14:15:50

rashfeather
Member
Registered: 2010-01-25
Posts: 11

Re: [SOLVED] Latest sshd not accepting key algorithms

#5 worked for me. Interesting how it's only *some* remote hosts which had a problem. I was still able to access a majority just fine.

Offline

#7 2021-10-12 14:38:55

V1del
Forum Moderator
Registered: 2012-10-16
Posts: 14,469

Re: [SOLVED] Latest sshd not accepting key algorithms

You are papering over an intentional disable/deprecation by downgrading the package: https://www.openssh.com/txt/release-8.8 note the potentially incompatible changes note. You should fix your server's keys or follow #4 as a last resort instead of downgrading the package.

Offline

#8 2021-10-23 20:50:26

probackup-nl
Member
From: Delft
Registered: 2017-11-15
Posts: 56
Website

Re: [SOLVED] Latest sshd not accepting key algorithms

#4 doesn't work on 5.10.74-1-raspberrypi4-ARCH:

$ grep Pub /etc/ssh/sshd_config
PubkeyAuthentication yes
PubkeyAcceptedKeyTypes=+ssh-rsa
$ sudo systemctl restart sshd

ssh-audit still recommends to add ssh-rsa:

# algorithm recommendations (for OpenSSH 8.8)
(rec) -ecdh-sha2-nistp521                   -- kex algorithm to remove
(rec) -ecdh-sha2-nistp384                   -- kex algorithm to remove
(rec) -ecdh-sha2-nistp256                   -- kex algorithm to remove
(rec) -diffie-hellman-group-exchange-sha256 -- kex algorithm to remove
(rec) -ecdsa-sha2-nistp256                  -- key algorithm to remove
(rec) +ssh-rsa                              -- key algorithm to append
...

PS And an ancient OpenSSH 6.2 client responds with "no hostkey alg" and sshd logs in journal:

Unable to negotiate with X port Y: no matching host key type found. Their offer: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-dss [preauth]

Last edited by probackup-nl (2021-10-23 20:54:19)

Offline

#9 2021-10-24 20:08:20

loqs
Member
Registered: 2014-03-06
Posts: 14,277

Re: [SOLVED] Latest sshd not accepting key algorithms

probackup-nl wrote:

ssh-audit still recommends to add ssh-rsa:

What version of ssh-audit is producing that output?

https://github.com/jtesta/ssh-audit/com … 7d1ff73c89

Offline

#10 2021-11-13 12:40:40

Wild Penguin
Member
Registered: 2015-03-19
Posts: 247

Re: [SOLVED] Latest sshd not accepting key algorithms

I was also hit by this bug while trying to access my OpenWRT router.

I also noticed, that ssh-keygen still creates RSA keys per default. Hmm, interersting: it creates keys that OpenSSH itself has deprecated!

Perhaps the wiki should be updated to advice users on this deprecation and to create stronger keys, and perhaps upstream is wise enough to change the default key type, both to facilitate the transition. What do you think?

Also, sorry if I'm veered too much off-topic! This is just some input from a user-point of view. I understand the world is going on forward, and some algorithms just need to be changed...

EDIT: Also, somehow missed this topic has already been marked as [SOLVED]!

Last edited by Wild Penguin (2021-11-13 12:57:47)

Offline

#11 2021-11-13 15:41:45

progandy
Member
Registered: 2012-05-17
Posts: 4,638

Re: [SOLVED] Latest sshd not accepting key algorithms

I also noticed, that ssh-keygen still creates RSA keys per default. Hmm, interersting: it creates keys that OpenSSH itse

A key marked as ssh-rsa should automatically use the newer rsa-sha2-256 / rsa-sha2-512 protocols to communicate with the server. (The stored rsa key does not include any data to specify the hash algorithm and has the same format for all three, it can be used with any of the hashes supported by ssh)   That should(TM) work as long as the server supports them as well. If The ssh-server does support sha256/sha512, but the connection fails, then there is probably a bug in openssh.
Only the old protocol using rsa keys and SHA1 hashing has been disabled.

Last edited by progandy (2021-11-13 15:47:21)


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline

#12 2021-11-19 08:06:06

drankinatty
Member
From: Nacogdoches, Texas
Registered: 2009-04-24
Posts: 43
Website

Re: [SOLVED] Latest sshd not accepting key algorithms

It may be marked solved, but the problem remains for many devices that must present the new key to the updated version of openssh.. All my old ssh keys that are rsa work fine when present from phones, etc. However generating a new key with `ssh-keygen` generates a 3072 bit key and identifies it as `-----BEGIN OPENSSH PRIVATE KEY-----` instead of the older keys identified as `-----BEGIN RSA PRIVATE KEY-----`. The only thing I can tell is different between the keys generated that causes the issue is the length.

This works fine for Arch, but other apps that need to present the keys to your Arch server running sshd have problems with the longer length resulting in

userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]

Granted, this isn't an Arch or openssh problem, but I suspect we will see more of it as clients with older versions attempt to use newer keys with the current version of openssh on the server.

Last edited by drankinatty (2021-11-19 08:39:09)


David C. Rankin, J.D.,P.E.

Offline

#13 2021-11-30 18:47:31

Bachsau
Member
Registered: 2016-12-09
Posts: 13

Re: [SOLVED] Latest sshd not accepting key algorithms

There is no reason to downgrade anything, but the Algorithm used for user authentication is only one part of the equation. You also need re-enable it for the host key:

HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa

If you add both to your sshd_config, old putty connections will work again.

Last edited by Bachsau (2021-11-30 19:41:49)

Offline

#14 2021-11-30 19:16:36

Wild Penguin
Member
Registered: 2015-03-19
Posts: 247

Re: [SOLVED] Latest sshd not accepting key algorithms

In my previous reply I got confused, but also I may have encountered an OpenSSH bug. I can not confirm since the conditions to trigger it don't exist anymore (I could try to reproduce them by re-configuring some host for testing)..

First, the ssh client on Arch started to not accept ssh-rsa as the Host Key algorithm (because it's deprecated? I'm not actually sure which ssh-rsa key the server used). But, also something different happened: if I set HostKeyAlgorithms=+ssh-rsa, it suddenly stops accepting to use my ssh-rsa public key, too. I also needed to set PubkeyAcceptedAlgorithms=+ssh-rsa. After upgrading the host I was connecting to so that the host has stronger ed25519 host keys, I don't need to set PubKeyAcceptedAlgorithms anymore. It will just accept both host and public keys (despite only the former had changed).

Offline

#15 2021-11-30 19:38:57

Bachsau
Member
Registered: 2016-12-09
Posts: 13

Re: [SOLVED] Latest sshd not accepting key algorithms

You need both because the algorithm has been deprecated and subsequently removed from both options. "ssh-rsa" should have better been called "rsa-sha1", because that's what it really means, but when it was defined, key-type and signature algorithm were one, and they didn't know that would change. Modern versions of OpenSSH combine the RSA keys with the more secure SHA-2, but putty did not support this for a long time and afaik only implemented it in the latest version when using the PPK3 key format.

ed25519 keys are newer and were never used together with SHA-1, so this isn't a problem here. But RSA requires a collision resistant hash function to apply to the message it signs (read this), and SHA-1 is broken.

Last edited by Bachsau (2021-11-30 20:02:46)

Offline

Board footer

Powered by FluxBB